Lone Star Ruby Conf 2008: Packet-Fu with Ruby

Packet-Fu is geared towards attendees who have some experience writing scripts with Python’s Scapy and Perl’s Net::RawIP. It provides a gentle introduction to low-level socket programming with Ruby and PcapRub using object-oriented design concepts.

Since the Ruby reimplementation of Metasploit in 2007, Ruby has become an essential scripting language for security professionals, yet Ruby’s packet inspection, generation, and manipulation capabilities have remained fairly occult and under-documented. With the release of “Scooby,” a honeypot demasking application, Tod hopes to convert a few Python/Perl coders to Ruby by virtue of a reasonably stable and well-documented reference implementation of Ruby packet-fu.

Major areas of focus include:

“Yet Another Packet Factory”: Design considerations for Scooby as an alternative to Scruby

“An IDS in Five Lines or Less”: Packet sniffing à la ngrep/Snort/etc.

“Irb is the new Hping”: Interactive packet injection with irb

“Unmasking Honeypots”: Applied remote OS fingerprinting

Tod Beardsley
Tod has 18 years of experience with data and telephony network security, and has previously held IT security positions at TippingPoint, Dell and Westinghouse. He is a frequent speaker at industry conferences on the technical aspects of phishing, has been interviewed extensively by major press publications, and occasionally blogs at Plan B Security.